CN113329096B - Message transmission method and device, electronic equipment and storage medium - Google Patents
Message transmission method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN113329096B CN113329096B CN202110702576.2A CN202110702576A CN113329096B CN 113329096 B CN113329096 B CN 113329096B CN 202110702576 A CN202110702576 A CN 202110702576A CN 113329096 B CN113329096 B CN 113329096B
- Authority
- CN
- China
- Prior art keywords
- message
- tenant system
- tenant
- feedback
- channel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 81
- 230000005540 biological transmission Effects 0.000 title claims abstract description 44
- 230000015654 memory Effects 0.000 claims description 29
- 238000004590 computer program Methods 0.000 claims description 14
- 238000004891 communication Methods 0.000 claims description 11
- 239000003795 chemical substances by application Substances 0.000 description 27
- 238000010586 diagram Methods 0.000 description 10
- 230000008569 process Effects 0.000 description 10
- 230000003287 optical effect Effects 0.000 description 7
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000007667 floating Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application relates to the technical field of message transmission, and particularly discloses a message transmission method, a message transmission device, electronic equipment and a storage medium, wherein the message transmission method comprises the following steps: a first tenant system receives a connection request from a broker, wherein the connection request is issued to the broker by a second tenant system, the first tenant system and the second tenant system being independent of each other; the first tenant system establishes a message channel with the second tenant system according to the connection request; the first tenant system receives a feedback message from the second tenant system through the message channel, wherein the feedback message is feedback made by an external system to a request message sent by the first tenant system.
Description
Technical Field
The present invention relates to the field of message transmission technologies, and in particular, to a message transmission method, an apparatus, an electronic device, and a storage medium.
Background
Due to some reasons, for example, service differentiation such as supervision of a supervisory organization and business expansion of an enterprise, a software system of the enterprise needs to be split into a plurality of tenant systems, so that management is performed on the split services. After splitting, in order to avoid mutual interference among various services, the tenant systems are in mutually independent states. However, when each tenant system of the enterprise performs information interaction with an external system, each tenant system of the enterprise may multiplex the same information channel for message transmission.
Generally speaking, the information interaction between the software system of the enterprise and the external system can be divided into two types from the perspective of the enterprise, one is that the software system of the enterprise actively initiates a request to obtain information; the other is that the external system actively initiates a request to notify information to the software system of the enterprise.
Therefore, when the external system processes the request sent by the enterprise software system and sends the feedback of the request to the enterprise software system, the external system also defaults to only use the channel when receiving the request for feedback. At this time, the feedback is only sent to the default tenant system corresponding to the channel, and since the tenant systems are in mutually independent states, other tenant systems in the enterprise reusing the channel to send the request cannot obtain the feedback of the external system. At this time, the business process is blocked, and the operation efficiency of the enterprise is seriously reduced.
Disclosure of Invention
In order to solve the above problems in the prior art, embodiments of the present application provide a message transmission method, an apparatus, an electronic device, and a storage medium, which can transmit a received feedback message to a corresponding tenant system while ensuring the security of multiple tenant systems split by a software system of an enterprise, thereby ensuring the operation efficiency of the enterprise.
In a first aspect, an embodiment of the present application provides a message transmission method, including:
the method comprises the steps that a first tenant system receives a connection request from an agent, wherein the connection request is sent to the agent by a second tenant system, and the first tenant system and the second tenant system are independent of each other;
the first tenant system establishes a message channel with the second tenant system according to the connection request;
the first tenant system receives a feedback message from the second tenant system through the message channel, wherein the feedback message is feedback made by an external system to a request message sent by the first tenant system.
In a second aspect, an embodiment of the present application provides a message transmission apparatus, including:
the system comprises a receiving module, a sending module and a sending module, wherein the receiving module is used for receiving a connection request from an agent, the connection request is sent to the agent by a second tenant system, and the first tenant system and the second tenant system are independent;
the channel establishing module is used for establishing a message channel between the second tenant system and the channel establishing module according to the connection request;
the receiving module is further configured to receive a feedback message from the second tenant system through the message channel, where the feedback message is a feedback made by the external system on the request message sent by the first tenant system.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor coupled to the memory, the memory for storing a computer program, the processor for executing the computer program stored in the memory to cause the electronic device to perform the method of the first aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium having a computer program stored thereon, the computer program causing a computer to perform the method according to the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program, the computer operable to cause the computer to perform a method according to the first aspect.
The implementation of the embodiment of the application has the following beneficial effects:
in the embodiment of the application, the first tenant system receives a connection request sent by the second tenant system from the proxy, and then actively establishes a message channel with the second tenant system, so as to receive a feedback message from the second tenant system through the message channel. Therefore, the situation that the tenant system multiplexing the channel cannot acquire the feedback message of the external system when the software system of the enterprise multiplexes the same message channel to send the request message is avoided, and the operation efficiency of the enterprise is ensured. Meanwhile, in the process of message forwarding, the second tenant system cannot know the address information of the first tenant system all the time, and the whole process is that the first tenant system actively establishes a message channel to the second tenant system through an agent, so that the message forwarding is completed. Based on the method, the safety of the address information of the first tenant system can be guaranteed, and then the problem that the leakage of enterprise data and the threat of enterprise safety are caused due to the leakage of the address of the first tenant system in the message forwarding process is avoided.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a network architecture diagram of a software system according to an embodiment of the present application;
fig. 2 is a schematic hardware structure diagram of a message transmission apparatus according to an embodiment of the present disclosure;
fig. 3 is a schematic flowchart of a message transmission method according to an embodiment of the present application;
fig. 4 is a schematic flowchart of a method for a second tenant to determine a system identifier of the first tenant corresponding to a feedback message according to the received feedback message according to the embodiment of the present application;
FIG. 5 is a diagram illustrating a message structure of a table state according to an embodiment of the present application;
FIG. 6 is a diagram illustrating a basic unit of a message structure of a table state according to an embodiment of the present application;
fig. 7 is a schematic flowchart of a method for a first tenant system to establish a message channel with a second tenant system according to a connection request according to an embodiment of the present application;
fig. 8 is a schematic flowchart of a method for determining a subsystem identifier carried in a feedback message according to the feedback message according to an embodiment of the present application;
fig. 9 is a block diagram illustrating functional modules of a message transmission apparatus according to an embodiment of the present disclosure;
fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making creative efforts shall fall within the protection scope of the present application.
The terms "first," "second," "third," and "fourth," etc. in the description and claims of this application and in the accompanying drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, result, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by a person skilled in the art that the embodiments described herein can be combined with other embodiments.
First, as shown in fig. 1, fig. 1 is a network architecture diagram of a software system according to the present application, and the software system 100 includes an enterprise software system 101 and an external software system 102. The software system 101 of the enterprise may include a plurality of tenant systems, and in this embodiment, two tenant systems: the first tenant system 103 and the second tenant system 104 are illustrated as an example. The message transmission method under other tenant systems is similar to the message transmission method under two tenant systems, and is not described herein again.
In this embodiment, the first tenant system 103 and the second tenant system 104 are independent from each other, in other words, the first tenant system 103 and the second tenant system 104 are message islands with each other. Meanwhile, the second tenant system 104 communicates with the external software system 102 through the default message channel 105, and the first tenant system 103 multiplexes the default message channel 105 of the second tenant system 104, thereby indirectly communicating with the external software system 102.
Next, referring to fig. 2, fig. 2 is a schematic diagram of a hardware structure of a message transmission apparatus according to an embodiment of the present disclosure. The message transmission device 200 includes at least one processor 201, a communication line 202, a memory 203, and at least one communication interface 204.
In this embodiment, the processor 201 may be a general-purpose Central Processing Unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more ics for controlling the execution of programs according to the present disclosure.
The communication link 202, which may include a path, carries information between the aforementioned components.
The communication interface 204 may be any transceiver or other device (e.g., an antenna, etc.) for communicating with other devices or communication networks, such as an ethernet, RAN, wireless Local Area Network (WLAN), etc.
The memory 203 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
In this embodiment, the memory 203 may be independent and connected to the processor 201 through the communication line 202. The memory 203 may also be integrated with the processor 201. The memory 203 provided in the embodiments of the present application may generally have a nonvolatile property. The memory 203 is used for storing computer-executable instructions for executing the present application, and is controlled by the processor 201 to execute. The processor 201 is configured to execute computer-executable instructions stored in the memory 103, thereby implementing the methods provided in the embodiments of the present application described below.
In alternative embodiments, computer-executable instructions may also be referred to as application code, which is not specifically limited in this application.
In alternative embodiments, processor 201 may include one or more CPUs, such as CPU0 and CPU1 of FIG. 1.
In alternative embodiments, message transmitting device 200 may include multiple processors, such as processor 201 and processor 207 in FIG. 2. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores that process data (e.g., computer program instructions).
In an alternative embodiment, if the message transmission apparatus 200 is a server, the message transmission apparatus 200 may further include an output device 205 and an input device 206. The output device 205 is in communication with the processor 201 and may display information in a variety of ways. For example, the output device 205 may be a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display device, a Cathode Ray Tube (CRT) display device, a projector (projector), or the like. The input device 206 is in communication with the processor 201 and may receive user input in a variety of ways. For example, the input device 206 may be a mouse, a keyboard, a touch screen device, or a sensing device, among others.
The message transmission apparatus 200 may be a general-purpose device or a special-purpose device. The embodiment of the present application does not limit the type of the message transmission apparatus 200.
Hereinafter, a message transmission method disclosed in the present application will be explained:
referring to fig. 3, fig. 3 is a schematic flowchart of a message transmission method according to an embodiment of the present disclosure. The message transmission method comprises the following steps:
301: and the second tenant system determines the first tenant system identification corresponding to the feedback message according to the received feedback message.
In this embodiment, the feedback message is a feedback made by an external software system to a request message sent by the first tenant system by multiplexing a default message channel of the second tenant system, and the feedback is sent to the second tenant system through the default message channel. Meanwhile, in the embodiment, since the first tenant system and the second tenant system are independent of each other, the second tenant system cannot directly send the feedback message to the first tenant system.
Based on this, after receiving the feedback message, the second tenant system firstly resolves the target system identifier carried in the feedback message, and determines the target system of the feedback message. In this embodiment, the feedback message is a feedback made by an external software system to a request message sent by a first tenant system by multiplexing a default message channel of a second tenant system, and therefore, a target system identifier carried by the feedback message is the first tenant system identifier.
In this embodiment, when each tenant system in the software system of the enterprise sends a request message to an external software system through the multiplexing message default message channel, the tenant system adds its own system identifier to the request message. For example, a system identification field may be added to the request message to fill in the field with the system identification. Based on this, when the external software system generates the feedback message after processing the request, the system identifier in the request is also added to the feedback message. As mentioned above, a source system identification field may also be added to the feedback message, so that the system identification is filled in this field. In this embodiment, other methods for adding the system identifier to the request message and the feedback message may also be used, which is not limited in this application.
Meanwhile, in this embodiment, a method for a second tenant to determine a system identifier of a first tenant corresponding to a feedback message according to the received feedback message is provided, as shown in fig. 4, the method includes:
401: and the second tenant system analyzes the feedback message to obtain a message structure of the feedback message.
In the present embodiment, the result of the analysis may be output in the form of a table, as shown in fig. 5.
402: and the second tenant system determines the position of the target system identification bit in the feedback message according to the message structure.
In the present embodiment, the message structure of the feedback message is output in the form of a table, as shown in fig. 5, and the basic constitutional unit of the table can be regarded as a line segment and a character string, wherein the character string is used for recording information, and the line segment is used for dividing the table area into a plurality of simple rectangles. Based on this, it can be simply considered that each rectangle divided by line segments and character strings (including empty character strings) in the rectangular area together constitute one basic unit of a table, as shown in fig. 6. Where the line segments form the boundaries of the base unit and the character strings form the content of the base unit. Meanwhile, the position of the character string in the cell is floating, but does not exceed the range of the boundary formed by the line segments. Based on this, it can be assumed that the message structure of the table state is an ordered set consisting of a set of cells.
Thus, the information extracted from the message structure of the table state can be viewed as a mixture of line segments and character strings. For the line segment, in order to avoid the need of intersection calculation of the line segment in the subsequent operation and improve the processing efficiency, in the embodiment, the line segment is identified by numbering the line segment instead of numbering the intersection point. For example, the boundary composed of line segments in the basic unit shown in fig. 6 can be expressed as [ xyz ].
In this embodiment, the information of the message structure of the table state may be extracted according to a certain sequence, for example, from left to right and from top to bottom, with the basic granularity being the basic granularity, and the position relationship between each basic unit may be recorded. Illustratively, each base unit a may be represented as (ijpq, b), where b is the string in the base unit a.
Specifically, after extracting the information of the message structure of the table state shown in fig. 5, it can obtain: a1 (0101, source system identification), a2 (0112, 1234), a3 (0123, target system identification), a4 (0134, 4321), a5 (1201, request message identification), a6 (1212, 1324), a7 (1223, message type), and a8 (1234, c).
Generally, the basic units in the table are usually grouped into two adjacent groups, where the information recorded by the character string in the preceding basic unit is generally a title, and the information recorded by the character string in the following basic unit is generally data corresponding to the title in the preceding basic unit. Based on this, in the present embodiment, the position of the target system identification bit can be determined by calculating the similarity between the character string in each cell and the title name of the "target system identification".
For example, word embedding processing may be performed on the character string in each basic unit, respectively, to obtain a word vector corresponding to each basic unit. And calculating the similarity between the word vector of each basic unit and the title noun vector of the target system identification, and taking the basic unit corresponding to the word vector with the highest similarity as a target position. According to the arrangement mode of the table, the next basic unit adjacent to the target position can be determined to be the position of the target system identification position.
403: and the second tenant system acquires the first tenant system identification from the position of the target system identification bit of the feedback message.
Following the example shown in fig. 5, after similarity calculation, the similarity between the word vector of the basic unit a3 (0123, target system id) and the title noun vector of the "target system id" is the highest, and then the next basic unit of the basic unit a3, that is, the basic unit a4, is the position of the target system id. Reading the character string, and obtaining the target system identifier as: 4321, corresponding to a first tenant system. Therefore, the target system identification of the feedback message with any structure can be quickly obtained, the message format is not required to be unified, only the title name of the target system identification needs to be unified, and the method and the device are wide in application range and high in efficiency.
302: and the second tenant system determines an agent corresponding to the first tenant system identifier according to the first tenant system identifier.
In this embodiment, each tenant system in the software systems of the enterprise is configured with a dedicated agent, and the correspondence between each agent and the system identifier of each tenant system may be determined by establishing a correspondence table. Therefore, the agent corresponding to the first tenant system identification can be determined by querying the relation table.
303: the second tenant system sends a connection request to the broker.
304: the first tenant system receives a connection request from a broker.
305: and the first tenant system establishes a message channel with the second tenant system according to the connection request.
In this embodiment, a method for a first tenant system to establish a message channel with a second tenant system according to a connection request is provided, as shown in fig. 7, the method includes:
701: and the first tenant system determines the address information of the agent according to the connection request.
In this embodiment, when the agent forwards the connection request to the first tenant system, the agent adds its own address information to the connection request. The method for the first tenant system to determine the address information of the proxy according to the connection request is similar to the method for the second tenant system to determine the first tenant system identifier corresponding to the feedback message according to the received feedback message in steps 401 to 403, and is not described again here.
702: and the first tenant system establishes a first message channel with the proxy according to the address information.
In this embodiment, the first message channel may be a message channel based on the SSH protocol.
Illustratively, after receiving the connection request, the first tenant system actively establishes an SSH connection tunnel with the agent according to the address information. After the SSH connection tunnel is established, the proxy can multiplex the SSH connection tunnel, and the reverse SSH connection is arranged in the first tenant system, so that the establishment of the first message channel is completed.
703: the first tenant system obtains the second message channel.
In this embodiment, the second message channel is established by the broker, and the second message channel between the broker and the second tenant system may also be a message channel based on the SSH protocol. Based on this, the method for establishing the second message channel is similar to the method for establishing the first message channel in step 702, and is not described herein again.
704: the first tenant system takes the first message channel and the second message channel as message channels between the first tenant system and the second tenant system.
In an optional embodiment, before the first tenant system establishes a message channel with the second tenant system according to the connection request, the first tenant system may further perform security audit on the connection request to determine whether to establish the message channel.
For example, the first tenant system may determine that the second tenant system is in the white list according to the connection request; and/or the first tenant system may determine that the external software system is legitimate based on the connection request. Specifically, in this embodiment, the connection request may include a system identifier of the external software system and a request message identifier corresponding to the feedback message. Because the external software system feeds back the feedback message based on the request message sent by the first tenant system, the request message identifier corresponding to the feedback message is the identifier of the request message sent by the first tenant system.
Based on this, after receiving the connection request, the first tenant system may analyze the connection request to obtain a message structure of a table state, and then obtain a system identifier of the external software system and a request message identifier corresponding to the feedback message by a method similar to the method for determining, by the second tenant, the first tenant system identifier corresponding to the feedback message according to the received feedback message, which is described in steps 401 to 403.
And then, matching in a history request message library of the feedback message through the request message identifier corresponding to the feedback message, and determining the request message corresponding to the request message identifier corresponding to the feedback message. The specific matching method may be to calculate the similarity, or may be to calculate the length of the longest common substring, which is not limited in this application.
And finally, determining the system identifier of the target system to which the request message is sent according to the matched request message, and determining that the external software system is legal if the system identifier of the target system to which the request message is sent is the same as the system identifier of the external software system. That is, the feedback message does come from an external software system to which the request message was originally sent. Meanwhile, the method for determining the system identifier of the target system to which the request message is sent according to the matched request message is similar to the method for determining, by the second tenant according to the received feedback message, the system identifier of the first tenant corresponding to the feedback message in steps 401 to 403, and details are not repeated here.
306: the first tenant system receives a feedback message from the second tenant system through a message channel.
In an optional embodiment, the first tenant system may further include at least one subsystem, and the request message is sent by one or more of the subsystems. Based on this, after receiving the feedback message, the first tenant system may determine the subsystem identifier carried in the feedback message according to the feedback message. Specifically, as shown in fig. 8, the present invention includes:
801: and the first tenant system analyzes the feedback message to obtain a message structure of the feedback message.
In this embodiment, the method for the first tenant system to analyze the feedback message to obtain the message structure of the feedback message is similar to the method for the second tenant system to analyze the feedback message to obtain the message structure of the feedback message in step 401, and is not described herein again.
802: and the first tenant system determines the position of the identification bit in the feedback message according to the message structure.
In this embodiment, the method for the first tenant system to determine the position of the flag bit in the feedback message according to the message structure is similar to the method for the second tenant system to determine the position of the target system flag bit in the feedback message according to the message structure in step 402, and is not described herein again.
803: and the first tenant system acquires the first identifier from the position of the identifier bit of the feedback message.
In this embodiment, a method for the first tenant system to obtain the first identifier from the location of the identifier of the feedback message is similar to the method for the second tenant system to obtain the first tenant system identifier from the location of the target system identifier of the feedback message in step 403, and details are not repeated here.
804: and the first tenant system descrambles the first identifier according to the descrambling parameter to obtain a subsystem identifier.
In this embodiment, the descrambling parameter may be configured in advance in the configuration information of the first tenant system.
Therefore, the first tenant system can send the feedback message to the subsystem corresponding to the subsystem identifier in the at least one subsystem according to the analyzed subsystem identifier.
In an optional embodiment, the first tenant system in the message transmission method provided by the present invention may also refer to a certain subsystem in the first tenant system, and then the subsystem actively establishes a message channel with the second tenant system to obtain the feedback message, thereby improving the efficiency of message transmission. The message transmission method in this case is similar to the message transmission method between the first tenant system and the second tenant system in steps 301 to 306, and is not described herein again.
In summary, in the message transmission method provided by the present invention, the first tenant system receives the connection request sent by the second tenant system from the proxy, and then actively establishes the message channel with the second tenant system, so as to receive the feedback message from the second tenant system through the message channel. Therefore, the situation that the tenant system multiplexing the channel cannot acquire the feedback message of the external system when the software system of the enterprise multiplexes the same message channel to send the request message is avoided, and the operation efficiency of the enterprise is ensured. Meanwhile, in the process of message forwarding, the second tenant system cannot know the address information of the first tenant system all the time, and the whole process is that the first tenant system actively establishes a message channel to the second tenant system through an agent, so that the message forwarding is completed. Based on the method, the safety of the address information of the first tenant system can be guaranteed, and then the problem that the leakage of enterprise data and the threat of enterprise safety are caused due to the leakage of the address of the first tenant system in the message forwarding process is avoided.
Referring to fig. 9, fig. 9 is a block diagram illustrating functional modules of a message transmission device according to an embodiment of the present disclosure. As shown in fig. 9, the message transmission apparatus 900 includes:
a receiving module 901, configured to receive a connection request from an agent, where the connection request is sent to the agent by a second tenant system, and the first tenant system and the second tenant system are independent of each other;
a channel establishing module 902, configured to establish a message channel with a second tenant system according to the connection request;
the receiving module 901 is further configured to receive a feedback message from the second tenant system through the message channel, where the feedback message is a feedback made by the external system to the request message sent by the first tenant system.
In an embodiment of the present invention, in terms of establishing a message channel with a second tenant system according to a connection request, the channel establishing module 902 is specifically configured to:
determining address information of the agent according to the connection request;
establishing a first message channel with the agent according to the address information;
acquiring a second message channel, wherein the second message channel is established by an agent and is a message channel between the agent and a second tenant system;
and taking the first message channel and the second message channel as message channels between the first tenant system and the second tenant system.
In the embodiment of the present invention, in terms of establishing the first message channel with the proxy according to the address information, the channel establishing module 902 is specifically configured to:
according to the address information, an SSH connection tunnel between the proxy and the SSH is established;
the SSH connection tunnel is used as the first message channel.
In an embodiment of the present invention, the first tenant system includes at least one subsystem, and based on this, the message transmission apparatus 900 further includes:
a transmission module 903, configured to determine, according to the feedback message, a subsystem identifier carried in the feedback message; and sending the feedback message to a subsystem corresponding to the subsystem identifier in at least one subsystem according to the subsystem identifier.
In the embodiment of the present invention, in terms of determining the subsystem identifier carried in the feedback message according to the feedback message, the transmission module 903 is specifically configured to:
analyzing the feedback message to obtain a message structure of the feedback message;
determining the position of the identification bit in the feedback message according to the message structure;
acquiring a first identifier from the position of the identifier bit of the feedback message;
and descrambling the first identifier according to the descrambling parameters to obtain a subsystem identifier, wherein the descrambling parameters are configured in the configuration information of the first tenant system in advance.
In an embodiment of the present invention, before establishing a message channel with the second tenant system according to the connection request, the channel establishing module 902 is further configured to:
determining that the second tenant system is in a white list according to the connection request; and/or
And determining that the external system is legal according to the connection request.
In an embodiment of the invention, the connection request comprises: the system identification of the external system and the request message identification corresponding to the feedback message are sent by the first tenant system;
based on this, in determining that the external system is legal according to the connection request, the channel establishing module 902 is specifically configured to:
determining a request message corresponding to the request message identifier according to the request message identifier in the connection request;
determining a system identifier of a target system to which the request message is sent according to the request message;
and if the system identification of the target system sent by the request message is the same as the system identification of the external system, determining that the external system is legal.
Referring to fig. 10, fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, where the electronic device 1000 is disposed in a first tenant system. As shown in fig. 10, the electronic device 1000 includes a transceiver 1001, a processor 1002, and a memory 1003. Connected to each other by a bus 1004. The memory 1003 is used to store computer programs and data, and may transmit data stored in the memory 1003 to the processor 1002.
The processor 1002 is configured to read the computer program in the memory 1003 to perform the following operations:
receiving a connection request from the agent, wherein the connection request is sent to the agent by a second tenant system, and the first tenant system and the second tenant system are independent of each other;
establishing a message channel between the first tenant system and the second tenant system according to the connection request;
and receiving a feedback message from the second tenant system through the message channel, wherein the feedback message is feedback made by an external system to the request message sent by the first tenant system.
In an embodiment of the present invention, in terms of establishing a message channel with a second tenant system according to a connection request, the processor 1002 is specifically configured to:
determining address information of the agent according to the connection request;
establishing a first message channel with the agent according to the address information;
acquiring a second message channel, wherein the second message channel is established by an agent and is a message channel between the agent and a second tenant system;
and taking the first message channel and the second message channel as message channels between the first tenant system and the second tenant system.
In an embodiment of the present invention, in terms of establishing a first message channel with an agent according to address information, the processor 1002 is specifically configured to perform the following operations:
according to the address information, an SSH connection tunnel between the proxy and the SSH is established;
the SSH connection tunnel is used as the first message channel.
In an embodiment of the present invention, the first tenant system comprises at least one subsystem, based on which the processor 1002 is further configured to perform the following operations:
determining a subsystem identifier carried in the feedback message according to the feedback message; and sending the feedback message to a subsystem corresponding to the subsystem identifier in at least one subsystem according to the subsystem identifier.
In the embodiment of the present invention, in terms of determining the subsystem identifier carried in the feedback message according to the feedback message, the processor 1002 is specifically configured to perform the following operations:
analyzing the feedback message to obtain a message structure of the feedback message;
determining the position of the identification bit in the feedback message according to the message structure;
acquiring a first identifier from the position of the identifier bit of the feedback message;
and descrambling the first identifier according to the descrambling parameter to obtain a subsystem identifier, wherein the descrambling parameter is configured in the configuration information of the first tenant system in advance.
In an embodiment of the present invention, before establishing a message channel with the second tenant system according to the connection request, the processor 1002 is further configured to:
determining that the second tenant system is in a white list according to the connection request; and/or
And determining that the external system is legal according to the connection request.
In an embodiment of the invention, the connection request comprises: the system identification of the external system and the request message identification corresponding to the feedback message, wherein the request message corresponding to the request message identification is sent by the first tenant system;
based on this, in terms of determining that the external system is legitimate according to the connection request, the processor 1002 is specifically configured to perform the following operations:
determining a request message corresponding to the request message identifier according to the request message identifier in the connection request;
determining a system identifier of a target system to which the request message is sent according to the request message;
and if the system identification of the target system sent by the request message is the same as the system identification of the external system, determining that the external system is legal.
It should be understood that the message transmission device in the present application may include a smart Phone (such as an Android Phone, an iOS Phone, a Windows Phone, etc.), a tablet computer, a palm computer, a notebook computer, a Mobile Internet device MID (Mobile Internet Devices, abbreviated as MID), a robot, or a wearable device. The message transmission devices are only examples and are not exhaustive, including but not limited to the message transmission devices. In practical applications, the message transmission apparatus may further include: intelligent vehicle-mounted terminal, computer equipment and the like.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention can be implemented by combining software and a hardware platform. With this understanding in mind, all or part of the technical solutions of the present invention that contribute to the background can be embodied in the form of a software product, which can be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes instructions for causing a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods according to the embodiments or some parts of the embodiments.
Accordingly, the present application also provides a computer readable storage medium, which stores a computer program, wherein the computer program is executed by a processor to implement part or all of the steps of any one of the message transmission methods as described in the above method embodiments. For example, the storage medium may include a hard disk, a floppy disk, an optical disk, a magnetic tape, a magnetic disk, a flash memory, and the like.
Embodiments of the present application also provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program operable to cause a computer to perform some or all of the steps of any of the message transmission methods as described in the above method embodiments.
It should be noted that for simplicity of description, the above method embodiments are described as a series of acts, but those skilled in the art should understand that the present application is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are all alternative embodiments and that the acts and modules referred to are not necessarily required by the application.
In the above embodiments, the description of each embodiment has its own weight, and for parts that are not described in detail in a certain embodiment, reference may be made to the description of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is merely a logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each of the units may exist alone physically, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or may be implemented in the form of a software program module.
The integrated unit, if implemented in the form of a software program module and sold or used as a stand-alone product, may be stored in a computer readable memory. Based on such understanding, the technical solutions of the present application, in essence or part of the technical solutions contributing to the prior art, or all or part of the technical solutions, can be embodied in the form of a software product, which is stored in a memory and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned memory comprises: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable memory, and the memory may include: flash Memory disks, read-Only memories (ROMs), random Access Memories (RAMs), magnetic or optical disks, and the like.
The foregoing detailed description of the embodiments of the present application has been presented, and specific examples have been applied herein to illustrate the principles and embodiments of the present application, but the foregoing detailed description of the embodiments is only provided to help understand the method and its core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, the specific implementation manner and the application scope may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (9)
1. A method for message transmission, the method comprising:
a first tenant system receives a connection request from a broker, wherein the connection request is issued to the broker by a second tenant system, the first tenant system and the second tenant system being independent of each other;
the first tenant system determines address information of the agent according to the connection request;
the first tenant system establishes a first message channel with the agent according to the address information;
the first tenant system obtaining a second message channel, the second message channel being established by the broker, the message channel between the broker and the second tenant system;
the first tenant system takes the first message channel and the second message channel as message channels between the first tenant system and the second tenant system;
the first tenant system receives a feedback message from the second tenant system through the message channel, wherein the feedback message is feedback made by an external system to a request message sent by the first tenant system through multiplexing a default message channel of the second tenant system, and the feedback is sent to the second tenant system through the default message channel.
2. The method of claim 1, wherein the first tenant system establishes a first message channel with the broker according to the address information, comprising:
the first tenant system establishes an SSH connection tunnel with the proxy according to the address information;
the first tenant system takes the SSH connection tunnel as the first message channel.
3. The method of any of claims 1-2, wherein the first tenant system comprises at least one subsystem, the method further comprising:
the first tenant system determines a subsystem identifier carried in the feedback message according to the feedback message;
and the first tenant system sends the feedback message to a subsystem corresponding to the subsystem identifier in the at least one subsystem according to the subsystem identifier.
4. The method according to claim 3, wherein the determining, by the first tenant system, the subsystem identifier carried in the feedback message according to the feedback message includes:
the first tenant system analyzes the feedback message to obtain a message structure of the feedback message;
the first tenant system determines the position of an identification bit in the feedback message according to the message structure;
the first tenant system acquires a first identifier from the position of the identifier bit of the feedback message;
and the first tenant system descrambles the first identifier according to descrambling parameters to obtain the subsystem identifier, wherein the descrambling parameters are configured in the configuration information of the first tenant system in advance.
5. The method of any of claims 1-2, wherein prior to the first tenant system establishing a message channel with the second tenant system in accordance with the connection request, the method further comprises:
the first tenant system determines that the second tenant system is in a white list according to the connection request; and/or
And the first tenant system determines that the external system is legal according to the connection request.
6. The method of claim 5,
the connection request includes: a system identifier of the external system and a request message identifier corresponding to the feedback message, wherein the request message corresponding to the request message identifier is sent by the first tenant system;
the first tenant system determines that the external system is legal according to the connection request, and the method comprises the following steps:
the first tenant system determines a request message corresponding to the request message identifier according to the request message identifier in the connection request;
the first tenant system determines a system identifier of a target system to which the request message is sent according to the request message;
and if the system identification of the target system sent by the request message is the same as the system identification of the external system, determining that the external system is legal.
7. A message transmission apparatus, the apparatus being disposed in a first tenant system, the apparatus comprising:
a receiving module, configured to receive a connection request from an agent, where the connection request is sent to the agent by a second tenant system, and the first tenant system and the second tenant system are independent of each other;
the channel establishing module is used for determining the address information of the proxy according to the connection request; establishing a first message channel between the proxy and the proxy according to the address information; obtaining a second message channel, wherein the second message channel is established by the agent, and the message channel is between the agent and the second tenant system; using the first message channel and the second message channel as message channels between the first tenant system and the second tenant system;
the receiving module is further configured to receive a feedback message from the second tenant system through the message channel, where the feedback message is a feedback made by an external system to a request message sent by the first tenant system through multiplexing a default message channel of the second tenant system, and the feedback is sent to the second tenant system through the default message channel.
8. An electronic device comprising a processor, a memory, a communication interface, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the processor, the one or more programs including instructions for performing the steps in the method of any of claims 1-6.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, which is executed by a processor to implement the method according to any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110702576.2A CN113329096B (en) | 2021-06-23 | 2021-06-23 | Message transmission method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110702576.2A CN113329096B (en) | 2021-06-23 | 2021-06-23 | Message transmission method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113329096A CN113329096A (en) | 2021-08-31 |
| CN113329096B true CN113329096B (en) | 2023-04-07 |
Family
ID=77424528
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110702576.2A Active CN113329096B (en) | 2021-06-23 | 2021-06-23 | Message transmission method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113329096B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114448670B (en) * | 2021-12-27 | 2023-06-23 | 天翼云科技有限公司 | Data transmission method and device and electronic equipment |
| CN114527905A (en) * | 2022-02-17 | 2022-05-24 | 未鲲(上海)科技服务有限公司 | Message automatic sending method, device, equipment and storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107395532A (en) * | 2017-07-11 | 2017-11-24 | 北京航空航天大学 | A kind of multi-tenant virtual network partition method based on SDN |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10893100B2 (en) * | 2015-03-12 | 2021-01-12 | International Business Machines Corporation | Providing agentless application performance monitoring (APM) to tenant applications by leveraging software-defined networking (SDN) |
| US10476942B2 (en) * | 2016-12-21 | 2019-11-12 | International Business Machines Corporation | DNS resolution of overlapping domains in a multi-tenant computing environment |
| CN110580127B (en) * | 2018-06-07 | 2020-10-16 | 华中科技大学 | Resource management method and resource management system based on multi-tenant cloud storage |
| CN108566444A (en) * | 2018-08-01 | 2018-09-21 | 长沙拓扑陆川新材料科技有限公司 | A kind of network transfer method and system of cloud service |
| CN109254847B (en) * | 2018-08-22 | 2022-04-19 | 创新先进技术有限公司 | Tenant mapping information acquisition method and device |
| CN111294319B (en) * | 2018-12-07 | 2022-05-27 | 网宿科技股份有限公司 | Network isolation method and device, network equipment and readable storage medium |
| CN111935110B (en) * | 2020-07-24 | 2022-05-06 | 北京金山云网络技术有限公司 | Method and device for controlling permission of tenant to access container instance |
| CN112118565B (en) * | 2020-08-14 | 2023-07-25 | 金蝶医疗软件科技有限公司 | Multi-tenant service gray level publishing method, device, computer equipment and storage medium |
| CN112491630B (en) * | 2020-12-07 | 2023-08-04 | 北京华胜天成科技股份有限公司 | Bare metal automatic deployment method and device and cloud environment platform |
| CN112910685B (en) * | 2021-01-13 | 2022-04-01 | 新华三大数据技术有限公司 | Method and device for realizing unified management of container network |
-
2021
- 2021-06-23 CN CN202110702576.2A patent/CN113329096B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107395532A (en) * | 2017-07-11 | 2017-11-24 | 北京航空航天大学 | A kind of multi-tenant virtual network partition method based on SDN |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113329096A (en) | 2021-08-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111818136B (en) | Data processing method, device, electronic equipment and computer readable medium | |
| CN113329096B (en) | Message transmission method and device, electronic equipment and storage medium | |
| CN111258725A (en) | Data processing method, device, equipment and medium based on block chain | |
| WO2014131299A1 (en) | Method, system, server and client device for message synchronizing | |
| WO2017071120A1 (en) | Method and device for establishing wireless connection | |
| CN110377440B (en) | Information processing method and device | |
| US20200260277A1 (en) | Method for wireless access authentication | |
| CN113489593B (en) | JSON message checking method and JSON message checking device | |
| WO2023005163A1 (en) | Method for loading application page, storage medium and related device thereof | |
| CN113076153A (en) | Interface calling method and device | |
| CN111885184A (en) | Method and device for processing hot spot access keywords in high concurrency scene | |
| CN112650804B (en) | Big data access method, device, system and storage medium | |
| CN114064308A (en) | Multi-data sending and receiving method, device and equipment based on column type data scanning | |
| CN116781586A (en) | gRPC flow analysis method, device, equipment and medium | |
| US9813927B2 (en) | Mobile terminal flow identification method and apparatus | |
| CN114780519A (en) | DBC file generation method, device, equipment and medium based on CAN communication | |
| CN112379967B (en) | Simulator detection method, device, equipment and medium | |
| CN113742235A (en) | Method and device for checking codes | |
| CN113377376A (en) | Data packet generation method, data packet generation device, electronic device, and storage medium | |
| CN111984202A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN113472715A (en) | Data transmission method and device | |
| CN116600031B (en) | Message processing method, device, equipment and storage medium | |
| CN113821750B (en) | Page data processing method and system, electronic equipment and readable storage medium | |
| CN114860390B (en) | Container data management method, device, program product, medium and electronic equipment | |
| CN113760382B (en) | Plug-in starting method and device, terminal equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20231007 Address after: Room 220202, 2nd Floor, East Unit, Building 2, South Jincheng Four Seasons, East Section of Kuang Kuang Road, Chanba District, Xi'an City, Shaanxi Province, 710038 Patentee after: Xi'an Dekun Enterprise Management Service Co.,Ltd. Address before: Floor 15, no.1333, Lujiazui Ring Road, pilot Free Trade Zone, Pudong New Area, Shanghai Patentee before: Weikun (Shanghai) Technology Service Co.,Ltd. |
|
| TR01 | Transfer of patent right |